Everything seems to be working well, and I have followed all of the
instructions in the following link for ossec to decode mysql logs and alert
on rules: https://groups.google.com/forum/#!topic/ossec-list/u4uXvPnGhQ4
I am a little perplexed because everything else seems to be working.
Troubleshooting: I am trying to log in to the mysql-server with an invalid
username or password. The error message should read "Access denied for
1. I see these lines in /var/log/mysql/error.log
2. I have enabled debugging level 2 and see that the agent is collecting
logs for /var/logs/mysql/error.log
3. On the server, I have included the rules file mysql_rules
4. On the agent in agent.conf, I have included the lines:
5. I have restarted both server and agent multiple times
6. I receive real time monitoring alerts on file changes and sudo
7. I receive alerts from the default setup about failed ssh access attempts
but not mysql
8. It's strange I get some alerts about sudo access (level 3) and ssh
access attempts (level 5) but not file changes (I guess this is separate
unless there is a delay for mysql rules I'm not aware of).
Did I miss something to enable mysql alerts?